Skip to content

ci: switch build scripts from wget to curl#5260

Open
alliasgher wants to merge 1 commit intoopencontainers:mainfrom
alliasgher:chore/5240-unify-curl
Open

ci: switch build scripts from wget to curl#5260
alliasgher wants to merge 1 commit intoopencontainers:mainfrom
alliasgher:chore/5240-unify-curl

Conversation

@alliasgher
Copy link
Copy Markdown

@alliasgher alliasgher commented Apr 23, 2026

Description

runc's build scripts and Dockerfile use a mix of wget (4 sites) and curl (8 sites) for HTTPS fetches. Per #5240, standardise on curl — it's already used in the majority of sites and is available on both Debian and Fedora base images runc builds against.

Changes

  • Dockerfile — replace the wget -nv $CRIU_REPO/Release.key step with curl -fsSL. The golang:<version>-trixie base image doesn't ship curl (per @eschmechel's caveat on the issue), so install it and ca-certificates via a small dedicated apt-get install step before the key fetch. Dropped the now-redundant standalone curl from the subsequent package list.
  • script/build-libpathrs.sh and script/build-seccomp.sh — replace wget "<url>"{,.asc} with curl -fsSLO "<url>"{,.asc}. Bash brace expansion still yields two separate downloads (of the tarball and its .asc signature).
  • script/setup_host.sh — replace wget with curl in the RPM install list so Fedora hosts get curl installed instead.

After this PR, grep -r wget script Dockerfile is empty.

Testing

  • Verified no other wget references remain under script/, Dockerfiles, or .github/workflows.
  • bash -n parses all three modified shell scripts cleanly.
  • Did not run the full CI locally (requires the base image); relying on the workflow to exercise the changed paths.

Closes #5240

@alliasgher alliasgher mentioned this pull request Apr 23, 2026
Open
kolyshkin
kolyshkin reviewed Apr 23, 2026
View reviewed changes
Comment thread Dockerfile Outdated
@alliasgher alliasgher force-pushed the chore/5240-unify-curl branch from be3d2ea to 479513b Compare April 23, 2026 22:29
@alliasgher alliasgher changed the title ci: unify wget and curl on curl ci: switch build scripts from wget to curl Apr 23, 2026
@kolyshkin
Copy link
Copy Markdown
Contributor

kolyshkin commented Apr 23, 2026

A single comment about wget in Dockerfile; the rest LGTM.

@alliasgher
ci: switch build scripts from wget to curl
40f5fbd 
runc's build scripts and CI setup used a mix of wget (4 sites) and
curl (8 sites) for HTTPS fetches. Standardise the three script sites on
curl, which is already required by the majority of call sites.

* script/build-libpathrs.sh and script/build-seccomp.sh: replace
  wget "<url>"{,.asc} with curl -fsSLO "<url>"{,.asc}. Bash brace
  expansion still yields two separate downloads (the tarball and its
  .asc signature).
* script/setup_host.sh: replace wget with curl in the Fedora RPM
  install list.

Leaving the single wget call in Dockerfile untouched per review
feedback -- the trixie base image already ships wget, and switching
would add an extra apt-get update && install step before the existing
single-pass package install.

Refs opencontainers#5240

Signed-off-by: Ali <alliasgher123@gmail.com>
@alliasgher alliasgher force-pushed the chore/5240-unify-curl branch from 479513b to 40f5fbd Compare April 23, 2026 22:33
@alliasgher
Copy link
Copy Markdown
Author

alliasgher commented Apr 23, 2026

Force-pushed 40f5fbd: fixed a second bug CI caught — curl -O only saves the first URL when given multiple, so the .asc signature was silently dropped. Switched to curl --remote-name-all which applies -O to every URL.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kolyshkin kolyshkin kolyshkin left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CI: unify wget and curl

2 participants

@alliasgher @kolyshkin